<?php
/**
 * Created by PhpStorm.
 * User: Guangpeng Chen
 * Date: 15-3-11
 * Time: 下午3:06
 */
// Shared secret appended to the md5() input that validates the `sign`
// parameter of the GET_WX_APPID action below.
// NOTE(review): the key is hard-coded in source, so anyone who can read this
// file (repository access, backup, source disclosure through a server
// misconfiguration) can compute a valid signature. Load it from configuration
// kept outside the web root and version control, and treat the current value
// as exposed: rotate it together with the calling side.
define('SECRET_KEY', 'RFGrfgY5CjVP8LcY');
include '../common/db.conf.php';
include '../common/Db.class.php';
include '../../common/func.inc.php';
include '/var/www/html/wx/api/Api.class.php';

use PFT\Db;
use WeChat\Api\Api;
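// Allow-list of caller addresses permitted to reach this endpoint.
$ip_limit = array('121.41.120.34');

// ip() comes from one of the included files and is not visible here.
// NOTE(review): if ip() takes the address from client-supplied headers
// (X-Forwarded-For, Client-IP, ...) instead of the TCP peer address, the
// allow-list below can be satisfied by a forged header. Confirm it uses
// REMOTE_ADDR, or honours forwarding headers only from trusted proxies.
$ip       = ip();
// Strict comparison: a non-string return value (true, a number) must never
// loosely match an allow-list entry, so the check fails closed.
if (!in_array($ip, $ip_limit, true)) {
    // Strip control characters before logging so a crafted value cannot
    // inject extra lines into the deny log.
    $log_ip = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $ip);
    write_logs("非法请求；IP:{$log_ip}", '/var/www/html/new/d/logs/access_deny.log');
    exit;
}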
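// Requested operation. A missing or non-string value matches no case, so the
// script ends without output instead of raising an undefined-index notice.
$action   = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
switch($action) {
    case 'GET_WX_APPID':
        // Returns the newest pft_wx row (appid, hash) with a non-empty appid
        // for the given fid. The request must carry
        // sign = md5(action . fid . SECRET_KEY).
        $fid  = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
        // Accept only a string signature; an array value (?sign[]=x) would
        // otherwise reach trim() and the comparison below.
        $sign = (isset($_GET['sign']) && is_string($_GET['sign'])) ? trim($_GET['sign']) : '';

        // NOTE(review): md5 over concatenated fields with a static key is not
        // a proper MAC, and nothing here binds the signature to a nonce or
        // timestamp, so a captured request can be replayed. hash_hmac() with
        // SHA-256 over delimited fields would be preferable, but needs a
        // matching change on the calling side.
        $chk_sign = md5($action . $fid . SECRET_KEY);

        // hash_equals() (PHP >= 5.6) compares in constant time and, unlike
        // `!=`, never treats two different "0e..." digests as equal numbers.
        if (!hash_equals($chk_sign, $sign)) {
            Api::Response('验证失败' . $sign, Api::$authErrorCode);
            // Api::Response() is not visible here; stop explicitly so a failed
            // check can never fall through to the query below.
            exit;
        }
        $sql  = "SELECT appid,hash FROM pft_wx WHERE fid=? AND appid<>'' ORDER BY id DESC LIMIT 1";
        $stmt = \PFT\Db::Connect()->prepare($sql);
        $stmt->execute(array($fid));
        // fetch() yields false when no row matches; that value is passed on as-is.
        $data = $stmt->fetch(PDO::FETCH_ASSOC);
        Api::CollectionResponse($data);
        break;
    case 'CHK_BIND':
        // Reports whether the given openid is bound to the given appid in
        // uu_wx_member_pft.
        // NOTE(review): the signature check is disabled for this action (the
        // commented-out version used $fid and $sign, which are not set in this
        // branch), so the IP allow-list is the only access control here.
        // Re-enabling it requires callers to start sending a signature.
        $openid = (isset($_GET['openid']) && is_string($_GET['openid'])) ? $_GET['openid'] : '';
        $appid  = (isset($_GET['appid']) && is_string($_GET['appid'])) ? $_GET['appid'] : '';

        $sql = "SELECT aid,tousername FROM uu_wx_member_pft WHERE fromusername=? AND tousername=? LIMIT 1";
        $stmt = \PFT\Db::Connect()->prepare($sql);
        $stmt->execute(array($openid, $appid));
        $data = $stmt->fetch(PDO::FETCH_ASSOC);

        // Re-check the appid in PHP with a strict comparison, so numeric-looking
        // strings such as "1e3" and "1000" are not considered equal.
        if (!$data || (string) $data['tousername'] !== $appid) {
            Api::Response('未绑定', 0);
            // Stop explicitly rather than relying on Api::Response() to end
            // the request before the success response below.
            exit;
        }
        Api::Response('ok', 200);
        break;
}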